Shim6, was: Re: filtering /48 is going to be necessary

William Herrin bill at
Mon Mar 12 15:15:38 CDT 2012

On Mon, Mar 12, 2012 at 3:50 PM, Tim Chown <tjc at> wrote:
> On 12 Mar 2012, at 19:30, Owen DeLong wrote:
>> I know my view is unpopular, but, I really would rather see
>>PI made inexpensive and readily available than see NAT
>>brought into the IPv6 mainstream. However, in my
>>experience, very few residential customers make
>>use of that 3G backup port.
> So what assumptions do you think future IPv6-enabled
>homenets might make about the prefixes they receive
>or can use?   Isn't having a PI per residential homenet
>rather unlikely?

Hi Tim,

Not at all. You just build a second tier to the routing system. BGP is
at the top tier. The second tier anchors SOHO users' provider
independent addresses to a dynamically mapped set of top-tier relay
addresses where each address in the relay anchor set can reach the
SOHO's IP. Then you put an entry relay at many/most ISPs which
receives the unrouted portions of PI space, looks up the exit relay
set and relays the packet.

The ingress relays have to keep some state but it's all discardable
(can be re-looked up at any time). Also, they can be pushed close
enough to the network edge that they aren't overwhelmed. The egress
relays are stateless.

Do it right and you get within a couple percent of the routing
efficiency of BGP for SOHOs with only two or three ISPs.

There are some issues with dead path detection which get thorny but
they're solvable. There's also an origin filtering problem: packets
originating from the PI space to BGP routed space aren't relayed and
the ISP doesn't necessarily need to know that one of the PA addresses
assigned to customer X is acting as an inbound relay for PI space.
Again: solvable.

If you want to dig in to how such a thing might work, read:

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list